问题
I'm new to IdentityServer3 and am just starting to get it set up. It seems to be going quite well and I've been working on the Hybrid flow for an MVC app similar to that shown in Kevin Dockx's Pluralsight course (http://www.pluralsight.com/courses/building-securing-restful-api-aspdotnet)
when I tried to configure IdentityServer with MVC error is pops up- Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolException: invalid_request
ID Server:
new Client
{
Enabled = true,
ClientName = "MVC Client (Hybrid Flow)",
ClientId = "mvc",
Flow = Flows.Hybrid,
RequireConsent = true,
RedirectUris = new List<string>
{"https://localhost:44358/"},
}
var scopes = new List<Scope>{
StandardScopes.OpenId,
StandardScopes.Profile
};
And the following is the code from the MVC client app
public void Configuration(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies",
//CookieName = "ourcookiename"
});
var options = new OpenIdConnectAuthenticationOptions
{
ClientId = "mvc",
Authority = "https://localhost:44367/identity/",
RedirectUri = "https://localhost:44358/",
// PostLogoutRedirectUri = "https://localhost:44300/",
SignInAsAuthenticationType = "Cookies",
ResponseType = "code id_token token",
Scope = "openId profile"
};
app.UseOpenIdConnectAuthentication(options);
}
And also have to configure IdentityServer3 with ServiceStack' for this I used linkhttps://github.com/MacLeanElectrical/servicestack-authentication-identityserver` to authenticate service but in Global.aspx for new AppHost().Init(); it shows error-
'System.NullReferenceException' occurred in ServiceStack.dll but was not handled in user code
回答1:
Here is how I'm doing mine
return new[]
{
new Client
{
Enabled = true,
ClientId = "Client",
ClientName = "SomeClient",
Flow = Flows.Hybrid,
RequireConsent = true,
AllowedScopes = new List<string>
{
"openid",
"profile",
"roles",
"api",
"offline_access"
},
RedirectUris = new List<string>
{
Constants.Client
},
AccessTokenLifetime = 3600,
ClientSecrets = new List<Secret>()
{
new Secret("secret".Sha256())
}
}
};
var scopes = new List<Scope>
{
//Identity Scopes
StandardScopes.OpenId,
StandardScopes.Profile,
new Scope
{
Enabled = true,
Name = "roles",
DisplayName = "Roles",
Description = "The roles you belong to.",
Type = ScopeType.Identity,
Claims = new List<ScopeClaim>
{
new ScopeClaim("role")
}
},
new Scope
{
Enabled = true,
Name="api",
DisplayName = "API Scope",
Description = "To accesss the API",
Type = ScopeType.Resource,
Emphasize = false,
Claims = new List<ScopeClaim>
{
new ScopeClaim("role"),
new ScopeClaim("id")
}
},
StandardScopes.OfflineAccess
};
return scopes;
回答2:
I don't see you specifying the AllowedScopes in your client
new Client
{
Enabled = true,
ClientName = "MVC Client (Hybrid Flow)",
ClientId = "mvc",
Flow = Flows.Hybrid,
RequireConsent = true,
RedirectUris = new List<string>
{"https://localhost:44358/"},
AllowedScopes = new List<string>{
"openid",
"profile"
};
}
来源:https://stackoverflow.com/questions/38638363/identityserver3-with-servicestack-and-mvc-client